You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Something strange is happening lately, maybe RAT?

Ok so short story first, met this guy online on a game; he has never sent me weird links or sent me downloads to anything, all links he has sent me are ones I've known about and highly trust, imgur / reddit etc.

I've always had a weird vibe about him that he always seems to know what I am doing on my pc or what I've said to other people on Teamspeak, this isn't just once I get this all the time there is just something errie about the whole ordeal, I'll list some examples below.

- I can speak in private to an IRL friend on Teamspeak someone he doesn't know or communicate with, I know this for a fact and at some point later on I'll go talk to this guy he'll repeat certain words that just ring alarm bells. i.e; Picnic, chocolate eclair, samson go mic.. -- Just says it out in the open and it rattles me.

- I'll be doing something discrete on a game and he'll link me a meme picture relating to it, I ask him why he just linked me that picture randomally and he goes quiet?

- Relating to the same game, he managed to find out my in-game name and private messages me "sup" and this point I just knew something was off.

- Often enough whilst talking to him, I'll feel my cursor fighting against me on the screen for a second or two, this could obviously be a mouse fault but it happens a good 98% of the time when I am either talking to this person or shortly after he gets off.

This has been going on for months and I know what I've listed isn't exactly groundbreaking evidence but this is just stuff that has happened in the last 2-3 days.

I believe I AM infected and I would appreciate some help on steps to take, thanks.

Edit - In all of my 10 years of playing games and meeting loads of people who I consistently play with, I have never experienced something like this where alarm bells just keep ringing off and feeling as if I am being watched or monitored by this individual.

ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

When the scan completes, click List Threats

Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

Click the Back button.

Click the Finish button.

NOTE: Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

Sorry for the delayed reply, I didn't receive a notification at all to say I had a reply on my thread.Thanks for helping and I have the results here before I start listing them you should know that Junkware Removal Tool would not start for me and I received this upon opening it. http://i.imgur.com/dUkpQNe.png

Error: (02/26/2015 10:54:51 AM) (Source: BstHdAndroidSvc) (User: )Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (02/26/2015 03:17:12 AM) (Source: BstHdAndroidSvc) (User: )Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

System errors:=============Error: (02/27/2015 10:29:51 AM) (Source: Schannel) (User: NT AUTHORITY)Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (02/26/2015 10:54:51 AM) (Source: BstHdAndroidSvc)(User: )Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (02/26/2015 03:17:12 AM) (Source: BstHdAndroidSvc)(User: )Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (02/26/2015 10:54:51 AM) (Source: BstHdAndroidSvc) (User: )Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (02/26/2015 10:54:51 AM) (Source: BstHdAndroidSvc)(User: )Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

This item, removed "Win32/Keygen.HA " ...... Malware is often installed along with this tool. Microsoft security software finds malware on more than half of the PCs where we detect this tool. Keygens are dangerous.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

This item, removed "Win32/Keygen.HA " ...... Malware is often installed along with this tool. Microsoft security software finds malware on more than half of the PCs where we detect this tool. Keygens are dangerous.

Save any unsaved work. (TFC will close ALL open programs including your browser!)

Double-click on TFC.exe to run it. (If you are using Vista or above, right-click on the file and choose "Run As Administrator".)

Click the Start button to begin the cleaning process and let it run uninterrupted to completion.

Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

Save any unsaved work. (TFC will close ALL open programs including your browser!)

Double-click on TFC.exe to run it. (If you are using Vista or above, right-click on the file and choose "Run As Administrator".)

Click the Start button to begin the cleaning process and let it run uninterrupted to completion.

Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".NOTE 2. Disable your antivirus program before running Windows Repair.

Go to Step 3 and click on Check button next to 1. See If Check Disk Is Needed.If the tool indicates that the Check Disk is needed click on Do It button next to 2. Check Disk, then restart your computer.

Once the above is done, go to Step 4 and allow it to run System File Check by clicking on the Do It button.

Go to Step 5 and under"System Restore" click on Create button.

Go to Start Repairs tab and click the Start button.

Leave the check marks as they are.NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on Start Repairs button.

After the repair finished, you may be prompted to restart the computer. Please allow it to do so.

Please post the Windows Repair log which is located in the following folder:64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook